This webinar will introduce cyber risk quantification (CRQ) and the means and methods used to employ it in the enterprise. The presenters will describe some of the problems associated with using verbal and ordinal scales to measure cybersecurity risk. They will emphasize the importance of utilizing ratio scales for quantification measures, such as frequency, control capability, and economic impact, to achieve meaningful risk assessments. Also covered are the sources for data (external and internal) as well as soliciting data from subject matter experts. The webinar will end with information on integrating CRQ with other risk assessment methods.
Jack Freund, Ph.D.
Head of Cyber Risk Methodology
Over the course of his 20-year career in technology and risk, Dr. Jack Freund has become a leading voice in cyber risk measurement and management. He is the co-author of an award-winning book on cyber risk quantification and holds a doctorate in Information Systems. Jack is currently serving as Head of Cyber Risk Methodology for VisibleRisk (Moody’s and Team8 JV). Previously Jack served as Cyber Risk Director for RiskLens and TIAA. Jack was named Distinguished Fellow of the ISSA, awarded Global Achievement Awards by ISACA and (ISC)², and named a Fellow of the IAPP and the FAIR Institute.
Chief Risk Scientist at RiskLens and Chairman of the FAIR Institute
Jack has worked in information security for over thirty-five years, including ten years of experience as a CISO with three different companies, one of them a Fortune 100 company. His work was recognized in 2006 with the ISSA Excellence in the Field of Security Practices award. In 2012 Jack received the CSO Compass award for risk management leadership. An adjunct professor at Carnegie Mellon University, he teaches in the CRO and CISO executive programs. Jack also created the “Factor Analysis of Information Risk” (FAIR) model adopted as an international standard. Currently, Jack is the Chief Risk Scientist at RiskLens and Chairman of the FAIR Institute, an award-winning global non-profit organization. He has also co-authored a book on FAIR entitled “Measuring and Managing Information Risk, a FAIR Approach”, which was inducted into the Cyber Security Canon in 2016.